summaryrefslogtreecommitdiff
path: root/lang
diff options
context:
space:
mode:
authortaca <taca@pkgsrc.org>2013-12-13 15:30:35 +0000
committertaca <taca@pkgsrc.org>2013-12-13 15:30:35 +0000
commit5301bafbfa3d4d0032559076a255d4c26962424c (patch)
tree65eef1bed574d8475454ea08b636834a4e765488 /lang
parentb02fad4f1655a22a758c9174e1761ac765bb755f (diff)
downloadpkgsrc-5301bafbfa3d4d0032559076a255d4c26962424c.tar.gz
Update php53 to 5.3.28 (PHP 5.3.28).
12 Dec 2013, PHP 5.3.28 - Openssl: . Fixed handling null bytes in subjectAltName (CVE-2013-4073). (Christian Heimes) . Fixed memory corruption in openssl_x509_parse() (CVE-2013-6420). (Stefan Esser).
Diffstat (limited to 'lang')
-rw-r--r--lang/php/phpversion.mk4
-rw-r--r--lang/php53/Makefile3
-rw-r--r--lang/php53/Makefile.php4
-rw-r--r--lang/php53/distinfo9
-rw-r--r--lang/php53/patches/patch-ext_openssl_openssl.c114
5 files changed, 9 insertions, 125 deletions
diff --git a/lang/php/phpversion.mk b/lang/php/phpversion.mk
index ec0df9cbc2b..4a1fb831ca4 100644
--- a/lang/php/phpversion.mk
+++ b/lang/php/phpversion.mk
@@ -1,4 +1,4 @@
-# $NetBSD: phpversion.mk,v 1.49 2013/11/16 09:45:26 taca Exp $
+# $NetBSD: phpversion.mk,v 1.50 2013/12/13 15:30:35 taca Exp $
#
# This file selects a PHP version, based on the user's preferences and
# the installed packages. It does not add a dependency on the PHP
@@ -81,7 +81,7 @@
PHPVERSION_MK= defined
# Define each PHP's version.
-PHP53_VERSION= 5.3.27
+PHP53_VERSION= 5.3.28
PHP54_VERSION= 5.4.22
PHP55_VERSION= 5.5.6
diff --git a/lang/php53/Makefile b/lang/php53/Makefile
index e34f8ab6579..c61651fcbe9 100644
--- a/lang/php53/Makefile
+++ b/lang/php53/Makefile
@@ -1,10 +1,9 @@
-# $NetBSD: Makefile,v 1.44 2013/12/05 16:16:40 taca Exp $
+# $NetBSD: Makefile,v 1.45 2013/12/13 15:30:35 taca Exp $
#
# We can't omit PKGNAME here to handle PKG_OPTIONS.
#
PKGNAME= php-${PHP_BASE_VERS}
-PKGREVISION= 3
CATEGORIES= lang
HOMEPAGE= http://www.php.net/
diff --git a/lang/php53/Makefile.php b/lang/php53/Makefile.php
index f7eab1380e6..3de89a3b7e3 100644
--- a/lang/php53/Makefile.php
+++ b/lang/php53/Makefile.php
@@ -1,4 +1,4 @@
-# $NetBSD: Makefile.php,v 1.37 2013/07/21 17:29:47 taca Exp $
+# $NetBSD: Makefile.php,v 1.38 2013/12/13 15:30:35 taca Exp $
# used by lang/php53/Makefile
# used by www/ap-php/Makefile
# used by www/php-fpm/Makefile
@@ -53,7 +53,7 @@ PKG_SUGGESTED_OPTIONS+= inet6 ssl
.if !empty(PKG_OPTIONS:Msuhosin)
SUHOSIN_PHPVER= 5.3.25
-. if ${SUHOSIN_PHPVER} != ${PHP_BASE_VERS} && ${PHP_BASE_VERS} != "5.3.27"
+. if ${SUHOSIN_PHPVER} != ${PHP_BASE_VERS} && ${PHP_BASE_VERS} != "5.3.28"
PKG_FAIL_REASON+= "The suhosin patch is currently not available for"
PKG_FAIL_REASON+= "this version of PHP. You may have to wait until"
PKG_FAIL_REASON+= "an updated patch is released or temporarily"
diff --git a/lang/php53/distinfo b/lang/php53/distinfo
index ed7fde9c82c..6afa70308da 100644
--- a/lang/php53/distinfo
+++ b/lang/php53/distinfo
@@ -1,8 +1,8 @@
-$NetBSD: distinfo,v 1.69 2013/12/05 16:16:40 taca Exp $
+$NetBSD: distinfo,v 1.70 2013/12/13 15:30:35 taca Exp $
-SHA1 (php-5.3.27.tar.bz2) = 4f95682940ebe1bc1a93812d593460625a2aae64
-RMD160 (php-5.3.27.tar.bz2) = c2887004859f32b25229ffe52d86270c8de194b7
-Size (php-5.3.27.tar.bz2) = 11432791 bytes
+SHA1 (php-5.3.28.tar.bz2) = f985ca1f6a5f49ebfb25a08f1837a44c563b31f8
+RMD160 (php-5.3.28.tar.bz2) = e4910c0c365f39a5009807801bd5ee6e25be020d
+Size (php-5.3.28.tar.bz2) = 11051714 bytes
SHA1 (suhosin-patch-5.3.25-0.9.10.patch.bz2) = ce5883b05daf91e8a44fffbfa4d3989ac3311dd1
RMD160 (suhosin-patch-5.3.25-0.9.10.patch.bz2) = 6c4d0cfe070802481121be465b66d3cefe44da83
Size (suhosin-patch-5.3.25-0.9.10.patch.bz2) = 32447 bytes
@@ -19,7 +19,6 @@ SHA1 (patch-aj) = 181658ae523bd60f67750566711fc078b49191b7
SHA1 (patch-al) = fe534d7d50a529e3c7d0ffed76afdb70bb55a521
SHA1 (patch-ext_date_lib_parse__iso__intervals.c) = 1243e4cda1d6446ee4f8b6cab61556fa07837139
SHA1 (patch-ext_date_lib_parse__iso__intervals.re) = 75d4abd666c17d7d5f8a4ee9e489bf2565f83524
-SHA1 (patch-ext_openssl_openssl.c) = f45f4322ac875db7b0bb86efb7cfda1f659ac6cc
SHA1 (patch-ext_standard_basic__functions.c) = 017fd25e646af4d7eb2a0bd13b3c8da34eaee8c5
SHA1 (patch-main_streams_cast.c) = d68b69c9418a8780b1610b8755487771f7c46a5a
SHA1 (patch-php__mssql.c) = 524c4e5d7ede0e503049bf1febec58e0c4a29aa4
diff --git a/lang/php53/patches/patch-ext_openssl_openssl.c b/lang/php53/patches/patch-ext_openssl_openssl.c
deleted file mode 100644
index 577ae4edb2f..00000000000
--- a/lang/php53/patches/patch-ext_openssl_openssl.c
+++ /dev/null
@@ -1,114 +0,0 @@
-$NetBSD: patch-ext_openssl_openssl.c,v 1.2 2013/08/16 00:38:13 taca Exp $
-
-Fix for CVE-2013-4248.
-
---- ext/openssl/openssl.c.orig 2013-07-10 17:43:08.000000000 +0000
-+++ ext/openssl/openssl.c
-@@ -1326,6 +1326,75 @@ PHP_FUNCTION(openssl_x509_check_private_
- }
- /* }}} */
-
-+
-+/* Special handling of subjectAltName, see CVE-2013-4073
-+ * Christian Heimes
-+ */
-+
-+static int openssl_x509v3_subjectAltName(BIO *bio, X509_EXTENSION *extension)
-+{
-+ GENERAL_NAMES *names;
-+ const X509V3_EXT_METHOD *method = NULL;
-+ long i, length, num;
-+ const unsigned char *p;
-+
-+ method = X509V3_EXT_get(extension);
-+ if (method == NULL) {
-+ return -1;
-+ }
-+
-+ p = extension->value->data;
-+ length = extension->value->length;
-+ if (method->it) {
-+ names = (GENERAL_NAMES*)(ASN1_item_d2i(NULL, &p, length,
-+ ASN1_ITEM_ptr(method->it)));
-+ } else {
-+ names = (GENERAL_NAMES*)(method->d2i(NULL, &p, length));
-+ }
-+ if (names == NULL) {
-+ return -1;
-+ }
-+
-+ num = sk_GENERAL_NAME_num(names);
-+ for (i = 0; i < num; i++) {
-+ GENERAL_NAME *name;
-+ ASN1_STRING *as;
-+ name = sk_GENERAL_NAME_value(names, i);
-+ switch (name->type) {
-+ case GEN_EMAIL:
-+ BIO_puts(bio, "email:");
-+ as = name->d.rfc822Name;
-+ BIO_write(bio, ASN1_STRING_data(as),
-+ ASN1_STRING_length(as));
-+ break;
-+ case GEN_DNS:
-+ BIO_puts(bio, "DNS:");
-+ as = name->d.dNSName;
-+ BIO_write(bio, ASN1_STRING_data(as),
-+ ASN1_STRING_length(as));
-+ break;
-+ case GEN_URI:
-+ BIO_puts(bio, "URI:");
-+ as = name->d.uniformResourceIdentifier;
-+ BIO_write(bio, ASN1_STRING_data(as),
-+ ASN1_STRING_length(as));
-+ break;
-+ default:
-+ /* use builtin print for GEN_OTHERNAME, GEN_X400,
-+ * GEN_EDIPARTY, GEN_DIRNAME, GEN_IPADD and GEN_RID
-+ */
-+ GENERAL_NAME_print(bio, name);
-+ }
-+ /* trailing ', ' except for last element */
-+ if (i < (num - 1)) {
-+ BIO_puts(bio, ", ");
-+ }
-+ }
-+ sk_GENERAL_NAME_pop_free(names, GENERAL_NAME_free);
-+
-+ return 0;
-+}
-+
- /* {{{ proto array openssl_x509_parse(mixed x509 [, bool shortnames=true])
- Returns an array of the fields/values of the CERT */
- PHP_FUNCTION(openssl_x509_parse)
-@@ -1422,15 +1491,29 @@ PHP_FUNCTION(openssl_x509_parse)
-
-
- for (i = 0; i < X509_get_ext_count(cert); i++) {
-+ int nid;
- extension = X509_get_ext(cert, i);
-- if (OBJ_obj2nid(X509_EXTENSION_get_object(extension)) != NID_undef) {
-+ nid = OBJ_obj2nid(X509_EXTENSION_get_object(extension));
-+ if (nid != NID_undef) {
- extname = (char *)OBJ_nid2sn(OBJ_obj2nid(X509_EXTENSION_get_object(extension)));
- } else {
- OBJ_obj2txt(buf, sizeof(buf)-1, X509_EXTENSION_get_object(extension), 1);
- extname = buf;
- }
- bio_out = BIO_new(BIO_s_mem());
-- if (X509V3_EXT_print(bio_out, extension, 0, 0)) {
-+ if (nid == NID_subject_alt_name) {
-+ if (openssl_x509v3_subjectAltName(bio_out, extension) == 0) {
-+ add_assoc_stringl(subitem, extname, bio_buf->data, bio_buf->length, 1);
-+ } else {
-+ zval_dtor(return_value);
-+ if (certresource == -1 && cert) {
-+ X509_free(cert);
-+ }
-+ BIO_free(bio_out);
-+ RETURN_FALSE;
-+ }
-+ }
-+ else if (X509V3_EXT_print(bio_out, extension, 0, 0)) {
- BIO_get_mem_ptr(bio_out, &bio_buf);
- add_assoc_stringl(subitem, extname, bio_buf->data, bio_buf->length, 1);
- } else {